DO-254 Requirements Traceability



Similar documents
Understanding DO-254 Compliance for the Verification of Airborne Digital Hardware

The Impact of RTCA DO-178C on Software Development

Tool Qualification Kit for NI TestStand Test Management Software

SOFTWARE CONFIGURATION MANAGEMENT GUIDEBOOK

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

IBM Rational systems and software solutions for the medical device industry

The structured application of advanced logging techniques for SystemVerilog testbench debug and analysis. By Bindesh Patel and Amanda Hsiao.

SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.

AC REUSABLE SOFTWARE COMPONENTS

asuresign Aero (NATEP Grant MA005)

DO-178B compliance: turn an overhead expense into a competitive advantage

Guide to Enterprise Life Cycle Processes, Artifacts, and Reviews

Best practices for developing DO-178 compliant software using Model-Based Design

SCADE SUITE SOFTWARE VERIFICATION PLAN FOR DO-178B LEVEL A & B

Certification Authorities Software Team (CAST) Position Paper CAST-15

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

Dependable (Safe/Reliable) Systems. ARO Reliability Workshop Software Intensive Systems

Reclamation Manual Directives and Standards

Program Lifecycle Methodology Version 1.7

Requirements-Based Testing: Encourage Collaboration Through Traceability

Introduction to Functional Verification. Niels Burkhardt

ALM120 Application Lifecycle Management 11.5 Essentials

Licensing Guide for Partners. Leveraging Data Center Providers and Software Services Resellers

Software Engineering. Software Processes. Based on Software Engineering, 7 th Edition by Ian Sommerville

Performance Testing Uncovered

ITS Projects Systems Engineering Process Compliance Checklist

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Test management best practices

EXHIBIT L. Application Development Processes

Essentials of the Quality Assurance Practice Principles of Testing Test Documentation Techniques. Target Audience: Prerequisites:

Intland s Medical Template

Release & Deployment Management

Life Sciences Product Development Artifacts Survey Results

DO-178B/C Differences Tool

Certification Authorities Software Team (CAST) Position Paper CAST-9

WORKSHOP RC EVI Integração de Sistemas Junho de 2011 Eng. Nelson José Wilmers Júnior

PLM Software. Answers for industry. Siemens PLM Software. e x e c u t i v e w h i t e p a p e r

Model Based System Engineering (MBSE) For Accelerating Software Development Cycle

The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation

Basic Unified Process: A Process for Small and Agile Projects

Certification Authorities Software Team (CAST) Position Paper CAST-26

Enhance visibility into and control over software projects IBM Rational change and release management software

SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Implementation of ANSI/AAMI/IEC Medical Device Software Lifecycle Processes.

Acknowledgement. Software Engineering. CS 3141: Team Software Project Introduction

Release and Deployment Management Software

Change & configuration management

Appendix H Software Development Plan Template

unless the manufacturer upgrades the firmware, whereas the effort is repeated.

Clinical Risk Management: Agile Development Implementation Guidance

2: Do not use vendor-supplied defaults for system passwords and other security parameters

How To Write An Slcm Project Plan

WIND RIVER RTCA DO-178 SOFTWARE CERTIFICATION SERVICES

ALS Configuration Management Plan

Serena Dimensions CM. Develop your enterprise applications collaboratively securely and efficiently SOLUTION BRIEF

What is a life cycle model?

Establishing Great Software Development Process(es) for Your Organization. By Dale Mayes

Bringing agility to Business Intelligence Metadata as key to Agile Data Warehousing. 1 P a g e.

PARCC TECHNOLOGY ARCHITECTURE ARCHITECTURAL PRINCIPLES AND CONSTRAINTS SUMMARY

3SL. Requirements Definition and Management Using Cradle

Integration Technologies Group (ITG) ITIL V3 Service Asset and Configuration Management Assessment Robert R. Vespe Page 1 of 19

TITLE: Control of Software

Requirements Traceability

Chapter 13: Verification

Safety Requirements Specification Guideline

CDC UNIFIED PROCESS PRACTICES GUIDE

1. Introduction. Annex 7 Software Project Audit Process

Issue in Focus: Consolidating Design Software. Extending Value Beyond 3D CAD Consolidation

Different Product Structures with Windchill MPMLink

Subject Software Aspects of Certification

To introduce software process models To describe three generic process models and when they may be used

Requirements Traceability. Mirka Palo

Software Development Life Cycle

Software Production. Industrialized integration and validation of TargetLink models for series production

CHAPTER 1 INTRODUCTION

Software Development for Medical Devices

Camar Aircraft Products Co. QUALITY MANUAL Revision D

Model-Based Conceptual Design through to system implementation Lessons from a structured yet agile approach

System Build 2 Test Plan

Modernizing enterprise application development with integrated change, build and release management.

Using TechExcel s DevSuite to Achieve FDA Software Validation Compliance For Medical Software Device Development

Practice Overview. REQUIREMENTS DEFINITION Issue Date: <mm/dd/yyyy> Revision Date: <mm/dd/yyyy>

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support

Software Project Audit Process

Aligning IT investment and Business

Examination SUBJECT. Version:

Introduction to OpenUP (Open Unified Process)

Software Quality Assurance Plan

Parameters for Efficient Software Certification

SoMA. Automated testing system of camera algorithms. Sofica Ltd

IEC Overview Report

MKS Integrity & CMMI. July, 2007

Software Quality Assurance Plan

AD Management Survey: Reveals Security as Key Challenge

From Chaos to Clarity: Embedding Security into the SDLC

Christie Price Subcontract Administrator Lockheed Martin Corporation South Wadsworth Blvd. Littleton, CO 80125

SIS Functional Design 15 minutes

Security Control Standard

-.% . /(.0/ ) 53%/( (01 (%((. * 7071 (%%2 $,( . 8 / 9!0/!1 . # (3(0 31.%::((. ;.!0.!1 %2% . ".(0.1 $) (%+"",(%$.(6

Transcription:

DO-254 Requirements Traceability Louie De Luna, Aldec - June 04, 2013 DO-254 enforces a strict requirements-driven process for the development of commercial airborne electronic hardware. For DO-254, requirements must drive the design and verification activities, and requirements traceability helps to ensure this. Introduction Complex custom micro-coded devices such as PLDs, FPGAs and ASICs used in commercial airborne hardware are subject to the stringent development process outlined in the DO-254 guidance. This means that the design and verification activities for these types of devices must follow the requirements-based development process described in DO-254. The primary purpose of DO-254 is to provide assurance that the device under test meets its intended functions under all foreseeable operating conditions. Requirements express the functions of the device under test; therefore must drive the design and verification activities. This paper describes requirements traceability according to DO-254 guidance in the context of FPGAs, and provides explanations as to what it means for the applicants. This paper also enumerates the underlying purpose of requirements traceability and the benefits that can be achieved when done correctly. Requirements Capture Process The FPGA requirements capture process is the allocation of functions from the Circuit Card Assembly (CCA) to the FPGA device. The allocated functions are recorded and expressed as FPGA requirements. Figure 1 shows an example of a CCA containing a single FPGA device. Figure 1. Circuit Card Assembly containing a single FPGA

Requirements are captured and created based on the standards, method, rules, procedures and criteria defined during the planning process. The FPGA requirements capture process is iterative since additional requirements may be generated during the design process. FPGA requirements that are not allocated from the CCA functions and created as a result of a design decision, architectural changes or safety precaution are called derived requirements. FPGA requirements are reviewed for suitability and correctness in relation to the CCA requirements, and derived requirements are validated for correctness and completeness. Example activities involved in the FPGA requirements capture process are: Creation of FPGA requirements based on CCA functions allocated to the FPGA Creation of traceability links from CCA requirements to FPGA requirements Creation and justification of derived requirements that results from the design process Generating downstream and upstream traceability reports Recording all FPGA requirements in the Hardware Requirements Document (HRD) Once the requirements capture process is completed, the FPGA requirements that are captured and listed in the HRD become the basis for all FPGA design and verification activities. Requirements Traceability Requirements Traceability At its simplest form, traceability is linking all of the design and verification elements back to the requirements to identify the relationships between them. The outputs of traceability are the upstream and downstream reports showing the correlation between the project elements. Traceability reports are reviewed for correctness internally within organizations, and audited by certification authorities. Requirements traceability as defined in RTCA/DO-254 and FAA Order 8110.105 are as follows: RTCA/DO-254 page 66 10.4.1. Traceability Data Hardware traceability establishes a correlation between the requirements, detailed design, implementation and verification data that facilitates configuration control, modification and verification of the hardware item. Hardware traceability data should include: 1. A correlation between the system requirements allocated to hardware and the requirements. 2. A correlation between the requirements and the hardware detailed design data. 3. A correlation between the hardware detailed design data and the as-built hardware item or assembly.

4. A correlation between the requirements, including derived hardware requirements, and detailed design data and the verification procedures and results. 5. The results of a traceability analysis. FAA Order 8110.105 page 32-33 6-3. Traceability. Many RTCA/DO-254 sections talk about traceability, including Sections 5.1.1, 5.1.2, 6.1,6.1.2, 6.2.1, 6.2.2, 6.3.2, 6.3.3, and 10.4.1. In this paragraph we clarify two areas for levels A and B: a. Applicants should ensure traceability between the hardware requirements, the conceptual design, the detailed design, and the implementation. b. Applicants should ensure both the traceability between the requirements and design data covered in paragraph 6-3a above and the corresponding verification and validation results. c. For levels C and D, applicants need to ensure only the traceability from requirements to test (see RTCA/DO-254, Table A-1, Note 6). Taking a closer look into the details of the RTCA/DO-254 guidance in conjunction with the FAA Order 8110.105, traceability in the context of FPGAs entails linking the CCA requirements to the FPGA requirements, and linking FPGA requirements to the design and verification data and results. Proving that this level of traceability exists to the certification authority helps ensure that all design and verification activities for the FPGA under test are requirements-based. Responsibilities of the applicants In working through the different stages of the FPGA design life cycle, the responsibilities of the applicants to meet the objectives for traceability are as follows: Requirements Capture Link each FPGA requirement to the related CCA requirement it covers. Generate a downstream traceability report and ensure every CCA function has been allocated to the FPGA and captured as an FPGA requirement. Generate an upstream traceability report and ensure that each FPGA requirement traces up to the appropriate CCA requirement. Each FPGA requirement that does not trace up to a CCA requirement may be considered as a derived requirement and must go through the validation

process. Baseline or record the trace data between CCA requirements and FPGA requirements. Conceptual Design Link each conceptual design data to the related FPGA requirement it covers. Generate a downstream traceability report to ensure that each FPGA requirement is covered by a conceptual design data. Generate an upstream traceability to expose unnecessary conceptual design data. Baseline or record the trace data between FPGA requirements and conceptual design data. Detailed Design and Implementation Link the specific lines of the HDL design source (single line or multiple lines of code) to the related FPGA requirement it covers. Generate a downstream traceability to ensure that each FPGA requirement is fully implemented by an HDL function. FPGA designers must create additional functions as needed to fully implement each FPGA requirement. Generate an upstream traceability to expose unused HDL design functions. Unused functions of the HDL code may lead to unexpected behavior of the device, and must be removed or updated. Ensure that the post-synthesis and post-layout design meet the specified constraints. Baseline or record the trace data between FPGA requirements and HDL design data. Verification Link each verification test scenario to the related FPGA requirement it covers. Test scenarios are created based on the FPGA requirements, and they are reviewed for suitability and completeness to cover the related FPGA requirement. Test scenarios define how each FPGA requirement will be verified, and includes the appropriate input conditions, test sequence and expected results. Generate a downstream traceability to ensure each FPGA requirement is covered by a test scenario. Generate an upstream traceability to expose unnecessary test scenarios. Baseline or record the trace data between FPGA requirements and test scenarios. Link the specific lines of the testbench (single line or multiple lines of code) to the related test scenario it covers. Generate a downstream traceability to ensure that each test scenario is fully implemented by the testbench. Verification engineers must create the testbench with the appropriate test inputs, sequence and expected results as defined in the test scenarios. Generate an upstream traceability to expose unused functions or code of the testbench that needs to be removed or updated. Baseline or record the trace data between test scenarios and testbench. Link the specific simulation results to the related test scenario it covers. Simulation results are a combination of simulation logs, waveforms and coverage data. These results are analyzed and reviewed for correctness. Benefits of Requirements Traceability Benefits of Requirements Traceability Implementing and maintaining traceability throughout the FPGA development cycle ensures that what is being designed and tested is based on the requirements. Establishing traceability promotes

better project management, and provides an efficient way to organize, connect and track the FPGA development cycle. Although not explicitly defined in the guidance, requirements traceability offers significant benefits to the organization when done correctly. Several examples of the benefits are described below. Exposure of Coverage Gaps During the FPGA requirements capture process, running a downstream traceability from CCA to FPGA requirements exposes CCA requirements that are not covered by FPGA requirements. As an example shown in Figure 2, both CCA-002 and CCA-007 are not covered by any FPGA requirement. This is a result of either: the related FPGA requirements are not correctly linked to CCA-002 and CCA-007 requirements, or that the CCA-002 and CCA-007 requirements are not properly allocated to the FPGA. Either way, proper measures must be taken to correct this coverage gap. Figure 2. Spec-TRACER Downstream Traceability Likewise, during the rest of the FPGA design life cycle, running downstream traceability exposes FPGA requirements that have not been implemented by an HDL function, FPGA requirements that have not been covered by a test scenario, and test scenarios that have not been implemented by a testbench. Knowing whether there are coverage gaps or not helps keep track of the project status. Downstream

traceability easily exposes requirements coverage gaps during the FPGA development cycle. Exposure of unused HDL Functions Reusing HDL design sources across multiple projects offer several advantages, but one common disadvantage is the occurrence of unused HDL functions. Running an upstream traceability from the HDL design to the FPGA requirements easily exposes HDL functions that do not trace up to any FPGA requirement. This is a result of either: the HDL functions are not properly linked to the related FPGA requirements, or that the HDL functions are not being used at all. Unused functions of the HDL code may lead to unexpected behavior of the device, and they must be removed or updated. Impact Analysis Management Changes in the requirements may lead to changes to other project elements such as HDL design, test scenarios and testbench. Before the change occurs, organizations perform a change impact analysis to evaluate the ripple effect of the change to the rest of the project. Traceability is an effective way to expose the project elements that are impacted due to a requirement change. An example of impact analysis from Spec-TRACER is shown in Figure 3. Figure 3. Spec-TRACER Impact Analysis A change to the requirement description of CCA-041 impacts 3 FPGA requirements namely: FPGA-011 FPGA-021 FPGA-022

Test results management These FPGA requirements need to be evaluated whether or not they still fully cover CCA-041 (taking the CCA requirement change into consideration). If further modification is needed for any of the impacted FPGA requirements, then the design and verification elements linked to them also need to be evaluated. As shown in Figure 3, a change to FPGA-011 impacts the following design and verification elements, and all of them must also be evaluated and modified if needed. HDL_002_interrupt_unit.vhd --tag to HDL design function HDL_003_interrupt_unit.vhd --tag to HDL design function HDL_006_interrupt_contr.vhd --tag to HDL design function TST-003 --tag to Test scenario TB_003_testbench.vhd --tag to testbench Without an established traceability from CCA down to the FPGA design and verification elements, impact analysis would be quite difficult to manage and analyze. Since traceability between project elements exists, impact analysis is easily achievable. Test Results Management A mechanism to measure whether test case results have passed or failed is a key element in determining the completeness of the verification. Since there is an established traceability between test scenarios, testbench, simulation log files, and waveforms; tracking the result of each test scenario can be easily managed. In addition, with the help of traceability, determining and tracking which testbench achieved the maximum code coverage is also possible. Helps during Reviews and Audits During reviews and audits, the traceability reports are used as a map to determine the correlation of the CCA requirements, FPGA requirements, conceptual design, detail design, verification test scenarios, and results. With the help of the traceability reports, both the applicant and certification authority are able to easily reference and correlate all design and verification artifacts back to the FPGA and CCA requirements. Conclusion Requirements traceability provides evidence that design and verification activities are requirementsbased. A DO-254 compliant design entails linking each system function to the related FPGA requirement, conceptual design, HDL design, test scenario, testbench, and test results. Running a downstream traceability exposes uncovered requirements, and upstream traceability exposes derived requirements as well as unused HDL functions. Because of traceability, change impact analysis is simplified making it easy to identify the ripple effect of requirements changes before they occur. Change impact analysis is crucial and allows organizations to properly plan and allocate resources accordingly before implementing the requirement change. Traditionally, traceability is created and managed manually using Microsoft Word documents and Excel spreadsheets. With today s complex FPGA designs, continuing to use this traditional method has shown to be difficult, inefficient and time consuming. Aldec addresses this industry need with Spec-TRACER, a requirements lifecycle management solution that can help efficiently manage the requirements and automate traceability. Spec-TRACER enables organizations deliver high-reliability and DO-254 compliant designs.

Figure 4. Traceability for FPGAs

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information